42 research outputs found
Conceivable security risks and authentication techniques for smart devices
With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques.
Simple Nudges for Better Password Creation
Recent security breaches have highlighted the consequences of reusing passwords across online accounts. Recent guidance on password policies by the UK government recommends an emphasis on password length over an extended character set for generating secure but memorable passwords without cognitive overload. This paper explores the role of three nudges in creating website-specific passwords: financial incentive (present vs absent), length instruction (long password vs no instruction) and stimulus (picture present vs not present). Mechanical Turk workers were asked to create a password in one of these conditions and the resulting passwords were evaluated based on character length, resistance to automated guessing attacks, and time taken to create the password. We found that users created longer passwords when asked to do so or when given a financial incentive and these longer passwords were harder to guess than passwords created with no instruction. Using a picture nudge to support password creation did not lead to passwords that were either longer or more resistant to attacks but did lead to account-specific passwords.
Analysis of data-at-rest security in smartphones
With almost two billion users worldwide, smartphones are used for almost everything – booking a hotel, ordering a cup of coffee, or paying in a shop. However, small size and high mobility make these devices prone to theft and loss. In this work we aim to broaden our understanding of how smartphone users and application developers protect sensitive data on smartphones.
To understand how well users are protecting their data in smartphones, we conducted several studies. The results revealed that 50% of the subjects locked their smartphone with an unlocking secret and 95% of them chose unlocking secrets that could be guessed within minutes.
To understand how well application developers protect sensitive data in smartphones, we analyzed 132K Android applications. We focused on identifying misuse of cryptography in applications and libraries. The study results revealed that developers often misuse cryptographic API. In fact, 9 out of 10 Android applications contained code that used a symmetric cipher with a static encryption key. Further, source attribution revealed that libraries are the main consumer of cryptography and the major contributor of misuse cases. Finally, an in-depth analysis of the top libraries highlighted the need for improvement in the way we define and detect misuse of cryptography.
Based on these results we designed and evaluated a system for encryption keys management that uses wearable devices as an additional source of entropy. Evaluation results showed that the proposal introduces insignificant overhead in power consumption and latency.
Applied Science, Faculty of; Electrical and Computer Engineering, Department of; Graduat